The NHS has bizarrely rejected the decentralised, secure and intelligently designed Apple-Google contact tracing framework in favour of a centralised approach. The decentralised approach is being taken by Germany, Austria, Switzerland, Estonia, Spain, and Ireland. It means all recent contacts will be anonymously, securely stored on your device and never centrally accessible.
Guido has compiled some of the disastrous consequences the UK’s nationalised centralised NHS approach will have:
- Privacy: There will be a centralised database of recent contacts of those who are infected. They claim it will be anonymised – we all know meta-data interrelates and could be connected to individuals, creating a huge honey pot for hackers.
- Self-reporting: The app will work from self-reported symptoms, rather than based on a test result. This opens it to misuse by people who don’t want to go to work or kids who want to skip class.
- Travel and visitors: The UK’s app won’t work when you travel overseas, unlike the decentralised apps that work together. Foreigners’ apps won’t work in the UK.
- Northern Irish border: Ireland is using a decentralised app, which won’t interact with the UK’s centralised app, raising practical issues on the border.
- Battery: The Apple-Google framework will always run in the background limiting battery usage. People could just switch off the UK’s app if they think it’s draining battery.
- Legal: The proposal could break privacy laws by unnecessarily infringing on privacy, leaving it stuck in courts.
- Mission creep: There is no law to prevent the Government from repurposing the app on your phone or the data they have for other purposes. It risks being misused and expanded in future.
- Background: The app won’t be able to run fully in the background on iPhones or newer Androids because they aren’t using the Apple-Google framework. If two locked devices cross paths they won’t be able to send out a signal, they can only receive a signal from an unlocked device.
- Non-app users: Apple and Google are planning to build their framework into the operating system, meaning even if you don’t have the app installed you can opt-in later and have the data available.
- Usability: The NHS has a poor track record in IT projects, it’s likely the custom-designed app won’t work particularly well at first. Many people could just lose faith and give up, rendering the whole project useless.
The Government claims a centralised system is necessary for data about the outbreak, however it would still be possible to gather anonymised data from a decentralised app. Matthew Lesh of the Adam Smith Institute tells Guido:
“If a contact tracing app is going to work it must be downloaded by the clear majority of people. An app that unnecessarily centralises data, is clunky to use and drains your battery is unlikely to be particularly appealing. We need to change to a decentralised approach before it’s too late. Lives are on the line.”
It’s not too late…
UPDATE: According to software industry bible The Register the Bluetooth function just won’t work:
Despite what the National Cyber Security Centre has continued to imply, the app will not, as it stands, work all the time on iOS nor Android since version 8. The operating systems won’t allow the tracing application to broadcast its ID via Bluetooth to surrounding devices when it’s running in the background and not in active use. Apple’s iOS forbids it, and newer Google Android versions limit it to a few minutes after the app falls into the background.
That means that unless people have the NHS app running in the foreground and their phones awake most of the time, the fundamental principle underpinning the entire system – that phones detect each other – won’t work.
It will work if people open the app and leave it open and the phone unlocked. But if you close it and forget to reopen it, or the phone falls asleep, the app will not broadcast its ID and no other phones around you will register that you’ve been close by.
Which makes the philosophical / ideological objection to centralised versus decentralised solution irrelevant…
TAP – The centralised system could have another use other than disease prevention – 99% of the disease is a hoax as it is. It could be used to target politically inconvenient people and tell them they are now at risk, drawing them into the hopelessness of vaccination and other ‘treatments’, like barring them from working or socialising. The selection for people who are to be ‘treated’ could be made entirely in other ways and they can just use the failing app as the excuse to pick an individual out. In fact if the app doesn’t work properly, that makes using it inappropriately for selecting individuals all the easier. An app that actually traced the progress of the disease would make it hard to use it for political or cultural ends.